Symbian3/SDK/Source/GUID-EDE54D27-D902-5C67-BF8E-5E7E0A33A98E.dita
author Dominic Pinkman <dominic.pinkman@nokia.com>
Wed, 16 Jun 2010 10:24:13 +0100
changeset 10 d4524d6a4472
parent 8 ae94777fff8f
child 13 48780e181b38
permissions -rw-r--r--
removal of PIPS 'antiword' example pending a decision on its license

<?xml version="1.0" encoding="utf-8"?>
<!-- Copyright (c) 2007-2010 Nokia Corporation and/or its subsidiary(-ies) All rights reserved. -->
<!-- This component and the accompanying materials are made available under the terms of the License 
"Eclipse Public License v1.0" which accompanies this distribution, 
and is available at the URL "http://www.eclipse.org/legal/epl-v10.html". -->
<!-- Initial Contributors:
    Nokia Corporation - initial contribution.
Contributors: 
-->
<!DOCTYPE concept
  PUBLIC "-//OASIS//DTD DITA Concept//EN" "concept.dtd">
<concept xml:lang="en" id="GUID-EDE54D27-D902-5C67-BF8E-5E7E0A33A98E"><title>ASN-PKCS Overview</title><shortdesc>The ASN-PKCS component provides interfaces for: </shortdesc><prolog><metadata><keywords/></metadata></prolog><conbody><ul><li id="GUID-ABA89F09-85DD-5BB3-92BB-DDF39D42B3F5"><p>Performing <xref scope="external" href="http://tools.ietf.org/html/rfc4792">ASN.1</xref> DER (Abstract Syntax Notation One - Distinguished Encoding Rules) encoding and decoding of PKCS (Public-Key Cryptography Standards) private keys in raw text as well as PBE (Password-Based Encryption) encrypted forms. </p> </li> <li id="GUID-40921059-C49F-5E38-8297-F5D10F878DC7"><p>Performing ASN.1 encoding and decoding of PBE parameters associated with the private keys. </p> </li> </ul> <section><title>Key concepts and terms</title> <dl><dlentry><dt>Key</dt> <dd><p>A cryptographic key is a constant value that a cryptographic algorithm applies to encrypt text or to decrypt encrypted text. </p> <p>Keys are classified as symmetric or asymmetric based on the type of algorithm applied. If the same key is used for both encryption and decryption, it is symmetric. If different keys are used for encryption and decryption, they are asymmetric. Asymmetric keys exist in the form of a public and private key pair, where the public key is used for encryption and the private key is used for decryption. </p> </dd> </dlentry> <dlentry><dt>Key Store</dt> <dd><p>A key store is a repository of keys that can be retrieved and used to accomplish a variety of tasks. 
</p> <p>The key store provides the following functionality: </p> <ul><li id="GUID-7217616D-996F-5346-BCAD-BC90522B972E"><p>Generation, import and export of RSA, DSA, and DH key pairs </p> </li> <li id="GUID-D759A086-C2BD-5892-AF9B-BEE93C21A55C"><p>Listing of stored keys </p> </li> <li id="GUID-9FC0C694-45E5-5DAB-9938-5BD4F414BE91"><p>Authentication of users </p> </li> <li id="GUID-D350C774-F17B-5D7B-B4DF-8EF3CA7A2AC8"><p>Private key operations for authenticated users </p> </li> </ul> </dd> </dlentry> </dl> </section> <section><title>Architecture</title> <p>The following block diagram describes the interaction of the ASN-PKCS component with the certificate and key stores: </p> <fig id="GUID-7E820717-BAC4-5C14-8A09-7B23989200F6"><image href="GUID-F18AA5AC-80C6-51B2-8D15-61C59D877520_d0e388871_href.jpg" placement="inline"/></fig> <p>The client application accesses the various certificates and keys of the device stored in the respective stores. Depending on the requests received from the store management and implementation components, ASN-PKCS acts on the keys during certain key and certificate manipulation operations. For details of the operations during which the ASN-PKCS APIs are invoked, see <xref href="GUID-EDE54D27-D902-5C67-BF8E-5E7E0A33A98E.dita#GUID-EDE54D27-D902-5C67-BF8E-5E7E0A33A98E/GUID-1586B629-1321-5D65-9995-A312825CF52D">Typical uses</xref>. </p> </section> <section><title>APIs</title> <table id="GUID-96509B7C-3CB2-5AD4-BD6C-0DDEAA7517C8"><tgroup cols="2"><colspec colname="col0"/><colspec colname="col1"/><thead><row><entry>API</entry> <entry>Description</entry> </row> </thead> <tbody><row><entry><p> <xref href="GUID-6DE1C841-A004-3255-A973-68B86A59A481.dita"><apiname>CDecPKCS8Data</apiname></xref>  </p> </entry> <entry><p>Provides the means to decode <xref scope="external" href="http://www.rsa.com/rsalabs/node.asp?id=2130">PKCS#8</xref> encoded private keys. 
</p> </entry> </row> </tbody> </tgroup> </table> </section> <section id="GUID-1586B629-1321-5D65-9995-A312825CF52D"><title>Typical uses</title> <p>ASN-PKCS APIs are used for encoding and decoding purposes during the following key and certificate manipulation operations: </p> <ul><li id="GUID-A9151CFF-028F-5BC1-B71E-9F99ACF2E285"><p>Encoding and decoding of PKCS private keys (in raw text and PBE-encrypted forms) during import and export of keys. When PBE-encrypted PKCS keys are imported or exported, the ASN-PKCS APIs also help in encoding or decoding of the PBE parameters. </p> </li> <li id="GUID-F2937C68-BC7D-5A10-AC61-E51139FFDA06"><p>Encoding of the private keys accompanying public key certificates (according to <xref scope="external" href="http://www.rsa.com/rsalabs/node.asp?id=2138">PKCS#12</xref> standards) while creating certificate requests. </p> </li> <li id="GUID-AF0D122F-8A98-53FB-A6FE-AE3ABE4E0847"><p>Creation of <xref scope="external" href="http://www.rsa.com/rsalabs/node.asp?id=2129">PKCS#7</xref> messages for creating the certificate requests. </p> </li> </ul> <p> <b>Notes:</b>  </p> <ul><li id="GUID-C8D72104-9E2C-59F1-A902-7270D998EF9C"><p>Device creators can use the ASN-PKCS component along with their own implementation of the certificate and key stores. </p> </li> <li id="GUID-34D1F3B2-2497-56A9-8E3E-3136D8C99C31"><p>For details of the key and certificate operations, see <xref href="GUID-6C6AED40-D5B3-5613-8F92-FD2CB711AE54.dita">Unified Keystore Tutorials</xref> and <xref href="GUID-B946BDF0-C5D8-57E2-9D05-7BE134AD032E.dita">Unified Certificate Store Tutorial</xref> respectively. </p> </li> </ul> </section> </conbody><related-links><link href="GUID-39B459CD-8210-59B5-95F4-85CE36676735.dita"><linktext>Unified Stores</linktext> </link> </related-links></concept>
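
Added example, not part of the original Symbian documentation and not the component's own code: a strict DER reader, written in Python rather than Symbian C++, that tells the two PKCS#8 forms named under "Typical uses" apart (raw PrivateKeyInfo and PBE-encrypted EncryptedPrivateKeyInfo) and pulls the salt and iteration count out of the PBE parameters. All function names and both sample blobs are constructed for this illustration, and the PBE parameter layout assumed is SEQUENCE { salt OCTET STRING, iterations INTEGER }.

```python
def read_tlv(buf, pos=0):  # one DER TLV at pos -> (tag, value, next_pos)
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length >= 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf) or buf[pos] == 0:
            raise ValueError("indefinite, oversized, padded or truncated length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
        if length < 0x80:
            raise ValueError("long-form length for a short value (BER, not DER)")
    if pos + length > len(buf):
        raise ValueError("value runs past end of input")
    return tag, buf[pos:pos + length], pos + length

def children(body):  # contents of a constructed value -> [(tag, value), ...]
    out, pos = [], 0
    while pos < len(body):
        tag, value, pos = read_tlv(body, pos)
        out.append((tag, value))
    return out

def alg_id(body):  # AlgorithmIdentifier contents -> (OID bytes as hex, parameter TLVs)
    parts = children(body)
    if not parts or parts[0][0] != 0x06:
        raise ValueError("AlgorithmIdentifier must start with an OBJECT IDENTIFIER")
    return parts[0][1].hex(), parts[1:]

def classify_pkcs8(der):  # which PKCS#8 form is this blob, and what PBE parameters?
    tag, body, end = read_tlv(der)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected one outer SEQUENCE with no trailing bytes")
    items = children(body)
    tags = [t for t, _ in items]
    if tags[:3] == [0x02, 0x30, 0x04]:  # version, privateKeyAlgorithm, privateKey
        return {"form": "PrivateKeyInfo", "algorithm": alg_id(items[1][1])[0]}
    if tags == [0x30, 0x04]:  # encryptionAlgorithm, encryptedData
        oid, params = alg_id(items[0][1])
        info = {"form": "EncryptedPrivateKeyInfo", "algorithm": oid}
        inner = children(params[0][1]) if params and params[0][0] == 0x30 else []
        if [t for t, _ in inner] == [0x04, 0x02]:  # salt, iteration count
            info.update(salt=inner[0][1], iterations=int.from_bytes(inner[1][1], "big"))
        return info
    raise ValueError("not a PrivateKeyInfo or EncryptedPrivateKeyInfo")

# Constructed samples, not real keys (rsaEncryption; pbeWithSHAAnd3-KeyTripleDES-CBC).
SAMPLE_PLAIN = bytes.fromhex("3016 020100 300d 0609 2a864886f70d010101 0500 0402 3000")
SAMPLE_PBE = bytes.fromhex("3030 301c 060a 2a864886f70d010c0103 300e 0408"
                           " 0102030405060708 0202 0800 0410" + "00" * 16)
```

The length checks in `read_tlv` are what make the reader DER rather than BER: an importer that accepts padded or indefinite lengths will accept several byte encodings of the same key, which undermines any comparison or hashing of the imported blob.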